Want to know how to hack a website and fix vulnerabilities in computer systems and networks? Are you a web administrator or developer who wants to secure your website? This Learn Website Hacking From Scratch is ideal for those who have little or no knowledge of website hacking, and want an introductory guide to this topic.
In this website hacking and penetration testing course for beginners, you'll start with learning the basics of how to exploit and mitigate websites and web applications, moving on to more advanced techniques, where topics covered include bypassing security, accessing databases, SQL injection and cross-site scripting (XSS). You'll also familiarise with the Linux operating system and BeEf web browser attacking framework.
On course completion, you'll have the practical skills and knowledge to exploit networks like an attacker. Enrol in this Learn Website Hacking From Scratch today and start hacking systems like the experts!
What you'll learn
Install hacking lab & needed software (works on Windows, OS X and Linux).
Discover, exploit and mitigate a number of dangerous vulnerabilities.
Use advanced techniques to discover and exploit these vulnerabilities.
Bypass security measurements and escalate privileges.
Intercept requests using a proxy.
Hack all websites on same server.
Bypass filters and client-side security
Adopt SQL queries to discover and exploit SQL injections in secure pages
Gain full control over target server using SQL injections
Discover & exploit blind SQL injections
Install Kali Linux - a penetration testing operating system
Install windows & vulnerable operating systems as virtual machines for testing
Learn linux commands and how to interact with the terminal
Learn linux basics
Understand how websites & web applications work
Understand how browsers communicate with websites
Gather sensitive information about websites
Discover servers, technologies and services used on target website
Discover emails and sensitive data associated with a specific website
Find all subdomains associated with a website
Discover unpublished directories and files associated with a target website
Find all websites hosted on the same server as the target website
Discover, exploit and fix file upload vulnerabilities
Exploit advanced file upload vulnerabilities & gain full control over the target website
Discover, exploit and fix code execution vulnerabilities
Exploit advanced code execution vulnerabilities & gain full control over the target website
Discover, exploit & fix local file inclusion vulnerabilities
Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
Discover, fix, and exploit SQL injection vulnerabilities
Bypass login forms and login as admin using SQL injections
Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
Bypass filtering, and login as admin without password using SQL injections
Bypass filtering and security measurements
Read / Write files to the server using SQL injections
Patch SQL injections quickly
Learn the right way to write SQL queries to prevent SQL injections
Discover basic & advanced reflected XSS vulnerabilities
Discover basic & advanced stored XSS vulnerabilities
Discover DOM-based XSS vulnerabilities
How to use BeEF framwork
Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
Steal credentials from hooked victims
Run javascript code on hooked victims
Create an undetectable backdoor
Hack into hooked computers and gain full control over them
Fix XSS vulnerabilities & protect yourself from them as a user
What do we mean by brute force & wordlist attacks
Create a wordlist or a dictionary
Launch a wordlist attack and guess admin's password
Discover all of the above vulnerabilities automatically using a web proxy
Run system commands on the target webserver
Access the file system (navigate between directories, read/write files)
Download, upload files
Bypass security measurements
Access all websites on the same webserver
Connect to the database and execute SQL queries or download the whole database to the local machine
Requirements
Basic IT Skills
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory
Operating System: Windows / OS X / Linux
Who this course is for:
Anybody who is interested in learning website & web application hacking / penetration testing
Anybody who wants to learn how hackers hack websites
Anybody who wants to learn how to secure websites & web applications from hacker
Web developers so they can create secure web application & secure their existing ones
Web admins so they can secure their websites
Course Introduction
Course Introduction FREE 00:02:00
Preparation - Creating a Penetration Testing Lab
Lab Overview & Needed Software 00:08:00
Installing Kali 2019 As a Virtual Machine Using a Ready Image 00:10:00
Installing Kali 2019 As a Virtual Machine 00:10:00
Installing Metasploitable As a Virtual Machine 00:04:00
Preparation - Linux Basics
Basic Overview of Kali Linux 00:05:00
The Linux Terminal & Basic Linux Commands 00:11:00
Configuring Metasploitable & Lab Network Settings 00:06:00
Website Basics
What is a Website? 00:04:00
How To Hack a Website? 00:04:00
Information Gathering
Gathering Information Using Whois Lookup 00:05:00
Discovering Technologies Used On The Website 00:06:00
Gathering Comprehensive DNS Information 00:10:00
Discovering Websites On The Same Server 00:04:00
Discovering Subdomains 00:05:00
Discovering Sensitive Files 00:07:00
Analysing Discovered Files 00:04:00
Maltego - Discovering Servers, Domains & Files 00:08:00
Maltego - Discovering Websites, Hosting Provider & Emails 00:05:00
File Upload Vulnerabilities
What are they? And How To Discover & Exploit Basic File Upload Vulnerabilities 00:07:00
HTTP Requests - GET & POST 00:04:00
Intercepting HTTP Requests 00:07:00
Exploiting Advanced File Upload Vulnerabilities 00:05:00
Exploiting More Advanced File Upload Vulnerabilities 00:04:00
[Security] Fixing File Upload Vulnerabilities 00:06:00
Code Execution Vulnerabilities
What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities 00:07:00
Exploiting Advanced Code Execution Vulnerabilities 00:06:00
[Security] - Fixing Code Execution Vulnerabilities 00:06:00
Local File Inclusion Vulnerabilities (LFI)
What are they? And How To Discover & Exploit Them 00:06:00
Gaining Shell Access From LFI Vulnerabilities - Method 1 00:07:00
Gaining Shell Access From LFI Vulnerabilities - Method 2 00:11:00
Remote File Inclusion Vulnerabilities (RFI)
Remote File Inclusion Vulnerabilities - Configuring PHP Settings 00:04:00
Remote File Inclusion Vulnerabilities - Discovery & Exploitation 00:06:00
Exploiting Advanced Remote File Inclusion Vulnerabilities 00:03:00
[Security] Fixing File Inclusion Vulnerabilities 00:06:00
SQL Injection Vulnerabilities
What is SQL 00:06:00
Dangers of SQL Injections 00:03:00
SQL Injection Vulnerabilities - SQLi In Login Pages
Discovering SQL Injections In POST 00:08:00
Bypassing Logins Using SQL Injection Vulnerability 00:05:00
Bypassing More Secure Logins Using SQL Injections 00:06:00
[Security] Preventing SQL Injections In Login Pages 00:08:00
SQL Injection Vulnerabilities - Extracting Data From The Database
Discovering SQL Injections in GET 00:07:00
Reading Database Information 00:05:00
Finding Database Tables 00:04:00
Extracting Sensitive Data Such As Passwords 00:04:00
SQL Injection Vulnerabilities - Advanced Exploitation
Discovering & Exploiting Blind SQL Injections 00:06:00
Discovering a More Complicated SQL Injection 00:07:00
Extracting Data (passwords) By Exploiting a More Difficult SQL Injection 00:05:00
Bypassing Filters 00:05:00
Bypassing Security & Accessing All Records 00:09:00
[Security] Quick Fix To Prevent SQL Injections 00:07:00
Reading & Writing Files On The Server Using SQL Injection Vulnerability 00:06:00
Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server 00:08:00
Discovering SQL Injections & Extracting Data Using SQLmap 00:07:00
[Security] - The Right Way To Prevent SQL Injection 00:05:00
XSS Vulnerabilities
Introduction - What is XSS or Cross Site Scripting? 00:03:00
Discovering Basic Reflected XSS 00:04:00
Discovering Advanced Reflected XSS 00:05:00
Discovering An Even More Advanced Reflected XSS 00:07:00
Discovering Stored XSS 00:03:00
Discovering Advanced Stored XSS 00:04:00
XSS Vulnerabilities - Exploitation
Hooking Victims To BeEF Using Reflected XSS 00:06:00
Hooking Victims To BeEF Using Stored XSS 00:04:00
BeEF - Interacting With Hooked Victims 00:04:00
BeEF - Running Basic Commands On Victims 00:04:00
BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt 00:02:00
Bonus - Installing Veil 3.1 00:06:00
Bonus - Veil Overview & Payloads Basics 00:07:00
Bonus - Generating An Undetectable Backdoor Using Veil 3 00:10:00
Bonus - Listening For Incoming Connections 00:07:00
Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 00:07:00
BeEF - Gaining Full Control Over Windows Target 00:04:00
[Security] Fixing XSS Vulnerabilities 00:07:00
Insecure Session Management
Logging In As Admin Without a Password By Manipulating Cookies 00:06:00
Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 00:07:00
Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File 00:07:00
Exploiting CSRF Vulnerabilities To Change Admin Password Using Link (Preview) 00:06:00
[Security] The Right Way To Prevent CSRF Vulnerabilities 00:09:00
Brute Force & Dictionary Attacks
What Are Brute Force & Dictionary Attacks? 00:04:00
Creating a Wordlist 00:07:00
Launching a Wordlist Attack & Guessing Login Password Using Hydra 00:14:00
Discovering Vulnerabilities Automatically Using Owasp ZAP
Scanning Target Website For Vulnerabilities 00:04:00
Analysing Scan Results 00:04:00
Post Exploitation
Post Exploitation Introduction 00:04:00
Interacting With The Reverse Shell Access Obtained In Previous Lectures 00:07:00
Escalating Reverse Shell Access To Weevely Shell 00:08:00
Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc 00:07:00
Bypassing Limited Privileges & Executing Shell Commands 00:05:00
Downloading Files From Target Webserver 00:05:00
Uploading Files To Target Webserver 00:08:00
Getting a Reverse Connection From Weevely 00:08:00
Accessing The Database 00:09:00
Resources
Resources - Learn Website Hacking From Scratch 00:00:00